DNS Root Name Servers: Currently 13 Named Authorities

Last Edit: 27/03/17

The DNS root name servers are computers that serve the root zone of the Domain
Name System (DNS). The DNS is a naming system for the Internet which creates
a domain namespace and converts domain names to host locations (IP addresses).
The highest level in the DNS is the root zone: a nameless zone with a root
zone file that lists the location of the top level domain operators
(registries). The root name servers store this root zone file and provide it
to other DNS name servers and DNS resolvers that query the root zone. The root
zone file is not created by the root name server operators; they simply host
it. The file is given to them by the Internet Assigned Numbers Authority
(IANA), which in turn is overseen by ICANN, which was previously overseen by
the United States Department of Commerce (DOC).

Internet traffic does not pass through the DNS root name servers. They are
not routing servers; they are the ultimate authority of the DNS and respond
to DNS queries regarding naming issues and resolution. The DNS root name servers
do not store every DNS record. The DNS uses a distributed database structure,
where the burden of processing DNS queries is spread amongst a hierarchy of
DNS name servers; however, the root servers are the ultimate authorities for
solving a naming issue. Typically, the root name servers hold DNS data for the
top level domains (com, org, net, info, edu, gov), and queries for second
level domains in the top level domains will be directed to name servers hosted
by the registries (operators) of these top level domains. Root name servers
are not queried continuously by DNS servers; they are usually only queried
once or twice every 24-48 hours. This is because DNS servers cache queries
from their end users, so that the burden placed on the root name servers is
decreased and performance is improved 'across the board'.
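
The caching behaviour described above can be seen in a toy model. This is an
added example, not code from the original page or from any DNS software; the
zone data, the ".test" server names, the documentation-range addresses and the
48-hour cache lifetime are constructed for illustration. It is simplified:
the registry server answers with an address directly instead of referring the
resolver on to the domain's own name servers.

```python
"""Toy caching resolver walking root -> registry (all data constructed)."""

TTL = 48 * 3600  # assumed cache lifetime: the page's upper bound of 48 hours

# Root zone: only says which registry name server handles each top level domain.
ROOT_ZONE = {"com": "ns.registry-com.test", "org": "ns.registry-org.test"}

# Registry servers: hold the data for second level domains in their TLD.
REGISTRY_ZONES = {
    "ns.registry-com.test": {"example.com": "192.0.2.10", "shop.com": "192.0.2.11"},
    "ns.registry-org.test": {"example.org": "192.0.2.20"},
}


class CachingResolver:
    def __init__(self):
        self.tld_cache = {}        # tld -> (registry server, expiry time in seconds)
        self.root_queries = 0      # how often the root had to be asked
        self.registry_queries = 0  # how often a registry server was asked

    def _registry_for(self, tld, now):
        cached = self.tld_cache.get(tld)
        if cached and cached[1] > now:   # still fresh: the root is not contacted
            return cached[0]
        self.root_queries += 1           # cache miss or expired entry: ask the root
        server = ROOT_ZONE.get(tld)
        if server is not None:
            self.tld_cache[tld] = (server, now + TTL)
        return server

    def resolve(self, name, now):
        name = name.rstrip(".").lower()
        server = self._registry_for(name.rsplit(".", 1)[-1], now)
        if server is None:
            return None                  # the root knows no such top level domain
        self.registry_queries += 1
        return REGISTRY_ZONES[server].get(name)


def demo():
    r = CachingResolver()
    names = ["example.com", "shop.com", "example.org", "example.com"]
    answers = [r.resolve(n, now=0) for n in names]
    first_day = r.root_queries           # one root query per TLD, not per lookup
    r.resolve("shop.com", now=TTL)       # cached entry has expired: root asked again
    return answers, first_day, r.root_queries
```

Four lookups across two top level domains cost two root queries; the root is
only asked again once a cached entry expires.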

There are currently 13 root name servers that are operated by 12 independent
organisations; two are operated by Verisign. The servers are named alphabetically:
a.root-servers.net to m.root-servers.net. The current root name servers are
published by IANA on their website, and are reproduced below:

As you may have noticed, apart from RIPE NCC (European) all of the root name
server managers are U.S. organisations: this is because the development of
the Internet was originally funded by the U.S. government and the Domain Name
System (DNS) operation was overseen by the U.S. government until 2016. While
the organisations who manage the root name servers are mostly U.S. organisations,
the equipment used to operate the servers is located across the globe: in
over 50 countries and 125 geographical locations. There is no single location
/ server for each root server letter, as this would create the possibility of
a catastrophic failure point; instead, the burden for each root server letter
is spread across location sites, such as LINX (London Internet Exchange)
for l.root-servers.net. The root name server managers are selected by the
Internet Assigned Numbers Authority (IANA), and in the future they may be
changed to better represent an international multi-stakeholder structure.
By spreading root zone services across 13 servers, the possibility of information
provided by a server being manipulated is decreased, due to the improbability
of it occurring at 12 organisations.

The operation of the root name servers is funded by their managers. How the
managers fund the operation differs for each one: some are U.S. government
bodies and are funded by the U.S. taxpayer, while RIPE is funded by over 4000
independent European Internet Service Providers. While IANA selects the root
name server managers, it does not dictate how the managers operate the servers;
this responsibility is given entirely to the managers with no authority
overseeing it, although the IETF has outlined some minimum requirements. The
software the root name servers use differs, but it is usually a version of
BIND (bind8, bind9) or NSD. The robustness of this software is extreme, and
vulnerabilities are rarely found; due to the serious role the root name servers
and name servers play in the operation of the Internet, DNS software is
extensively tested for bugs. DDoS attacks have been directed at the root name
servers but have never successfully disabled all the servers. Root name server
managers upgrade the equipment of their servers regularly, and due to the core
function the DNS plays for the Internet, the managers take their responsibility
seriously. Few things on the Internet are organised with a clear hierarchical
structure: the root name servers are an exception, placed at the pinnacle of
the Internet's naming system.